1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Dr. location website and blog
I use Moz Local to sync my Endocrinology medical clinic website to search engines and directories and it has helped me a lot. However, I want to start a blog that deep dives into Endocrine based issues like diseases and conditions. The issue is I am not sure if I should just add the blog to my Endocrinology Medical Clinic website or Start the blog off on a completely new domain because one day I might want to sell my Endocrinology Medical Clinic but keep my Endocrine based blog. What do you suggest? Also do any of your services help submit blogs without a physical address to search engines and directories like Moz Local?
Content Development | | Viewpoint-Endocrinology0 -
Which blog is best
We use Bigcommerce, at the moment we use wordpress for our blogs, bigcommerce has its own blog. Is it better to use the Bigcommerce blog or Wordpress.
Content Development | | CostumeD0 -
Is it okay to delete old blog posts?
Hi All, I'm doing some SEO work on an entertainment (movies/tv/gaming) blog that started in 2011. Their recent articles have gained some popularity due to improved content and marketing, but there is some old stuff from the early days that was poorly written and gets virtually no traffic. These are mostly old news pieces. Out of approximately 10,000 articles, about 1,000 are receiving the lions share of the traffic. I feel like their good content is getting bogged down in a sea of crap. Would there be any harm in deleting some of those old posts? Is there a best practice for culling content? Thanks!
Content Development | | 74andsunny0 -
Blog Benefits
I read a very interesting answer by Andy Solo to a previous question in which he replied: "Use your blog to create some Tips & How-To's, optimize those blog entries for the long tail keywords and soon enough your blog will be the gateway into your website. Learn how to target longl-tail keyword searches and how to analyze keyword competition to find the right niche blog posts to create". With my own company site, www.nile-cruises-4u.co.uk which has a long-standing blog attached, www.nile-cruises-4u.co.uk/blog I always felt that the blog content greatly aided our top positions in Google.co.uk. However, over the last 12 months we have slipped right down page one and I wondered if the blog is still helping our site or if the emphasis/value has switched and Google is looking at a lot of other factors where we score badly? Colin
Content Development | | NileCruises0 -
Blog? Is it worth it?
Hi Guys, Hope your all OK. Apart from our main site we have a static comparison site that's now ranking really high for some of our big keywords. At the moment the site only has 2 pages and I'm wondering weither or not to setup a blog on the site to not only increase the pages indexed but also increase our longtail keyword rankings... I'll be able to create a new article aday. Would like your input guys. Thanks, Scott
Content Development | | ScottBaxterWW0 -
How can i export al my text to 1 file ?
I like to export al my website text to 1 file, to check if the are any errors in it. How is this possible ?
Content Development | | Jorianp0 -
Is it worth to change a blog from a subdomain to subfolder?
We have a blog in a subdomain since some years and we are thinking about moving it to a subfolder, to see if we can boost the main domain (incoming links + fresh content). Could be worth it?
Content Development | | Montse0 -
On-Site Blog or Blog Service for Best SEO Results
I had a blog associated with my site, then I had to merge two Google accounts and to make a long story short, my old Blogger page won't transfer to the new account. So, I'm starting fresh. My Question: Would I benefit most from an on-site subdomain blog, adding content to my site on a weekly/monthly basis, or an off-site blog such as Blogger, linking back to pages and resources on my site? Then, any other juicy tips would be great. Honestly, I won't expect a large subscription base. There will be a natural draw for some trade associates, and I'll be linking and promoting them as well. Thanks for any input. I'm new to the community, and SEO, but really impressed with this community.
Content Development | | honestabejosh0